Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

OMi Management Pack for Infrastructure2.00

Administer > Configure Streaming of Logs > Configure Structured Log Streaming Policy

Configure Structured Log Streaming Policy

Sys_SyslogStreaming policy collects the data from the list of files returned by the perl script /var/opt/OV/bin/instrumentation/ispi-ovperl getSyslogPath.pl at an interval of one minute. The data collected is structured as <timestamp> <SourceHost> <message>. By default, data log file is collected from last entry before deploying the System Log Collection Aspect. If you need to load the data from the beginning of the log file then you can configure the policy accordingly.

Note If you want to log stream historic data, it is recommended to plan as this could impact system performance.

To configure the policy, follow these steps:

On Linux-based system

Note If you modify the structure of the log file, ensure to map the structure accordingly.

Open the Management Templates & Aspects pane:

Click Administration > Monitoring > Management Templates & Aspects.
In the Configuration Folders pane, expand Infrastructure Management > Systems Infrastructure Aspects.
In the Management Templates & Aspects pane, select the System Log Collection Aspect and click Edit.
In the Policy Templates tab, select the Sys_SyslogStreaming policy and click Edit Policy Template. The Sys_SyslogStreaming - Edit window is displayed.
In the Source tab, based on the requirement, select the Read Mode as Read from beginning (first time) or Read from beginning (always) option.

Make sure not to modify any other default setting related to data field in source, schema or mapping tabs.
Click Save and Close.

On Windows-based system

Open the Management Templates & Aspects pane:

Click Administration > Monitoring > Management Templates & Aspects.
In the Configuration Folders pane, expand Infrastructure Management > Systems Infrastructure Aspects.
In the Management Templates & Aspects pane, select the System Log Collection Aspect and click Edit.
In the Policy Templates tab, select the Sys_ApplicationlogStreaming, Sys_SecuritylogStreaming, or Sys_SystemlogStreaming policy and click Edit Policy Template (Raw Mode). The Edit window for the respective log is displayed.
Click Policy Data tab, based on the requirement, edit the PARAM "readMode" "<option>" as firstFromBegin, alwaysFromBegin or fromLastPos option.

Caution Make sure not to modify any other default setting related to data field in source, schema or mapping tabs.
Click Save and Close.

Parameter in Sys_ApplicationlogStreaming, Sys_SecuritylogStreaming, or Sys_SystemlogStreaming policy templates:

Parameter name	Description
`severity`	Level
`host name`	Name of the host computer
`path`	Log name source
`custom_string1`	Provider data
`timestamp`	Logged
`message`	Description
`custom_string2`	Event data
`custom_int1`	Event ID
`custom_int2`	Event record ID
`custom_string3`	User data
`custom_string4`	Operation code
`custom_string5`	Task
`custom_string6`	Keywords
`custom_int3`	Thread ID
`custom_int4`	Process ID

The policy with version incremented by 0.1 is created.

Send Help Center feedback